Upon execution, this virus searches for all Windows PE (Portable Executable) files in the current directory and infects them by adding its own code at the end of the target file. To avoid re-infecting previously infected files, the virus always checks for the marker �BA�, which it inserts during infection, at offset 24h relative to the start of the file.
This virus has a dangerous payload. On the 22nd of every month, it overwrites all EXE files in the C:\ drive with the text �KAMIKAZE�. The filesize of the overwritten files stays the same.